Book of the Month : Writing Secure Code for Windows Vista

This is the one book in the ‘Writing Secure Code’ series that focuses entirely on the security design and implementation incorporated into Vista. Written by experts involved in the secure development of Vista, the book offers complete coverage of its security defenses in a precise and concise format. Unlike the earlier security books in the series, this book is dedicated solely to Vista and explains its new security defenses in depth.

Here is the table of contents for this book:

Chapter 1. Code Quality

Chapter 2. User Account Control, Integrity Levels, and Tokens

Chapter 3. Buffer Overrun Defenses

Chapter 4. Taking Advantage of Network Security Features and Defenses

Chapter 5. Creating Secure and Resilient Services

Chapter 6. Taking Advantage of Internet Explorer Defenses

Chapter 7. Cryptographic Changes in Windows Vista

Chapter 8. Authentication and Authorization

Chapter 9. Miscellaneous Defenses

The book explains all the Vista security mechanisms, such as UAC, integrity levels, various compiler/linker flags to prevent buffer exploitation, session isolation, the new credential provider design, IE protected mode and many more. It also contains complete, ready-to-use code examples demonstrating the usage of these security mechanisms. I have been referring to this book since its release and have found it to be very useful & informative.

Although you can pick up all these Vista security features by reading Microsoft knowledge base articles, the fastest and best way to do so is to read this book.

Though this book has been written specifically for Vista, it still serves as a good reference for Win 7 as well, considering that there have not been many changes in Win 7 since Vista. At the end of the day, this is a must-have book for any security-conscious developer who wants to unleash the security defenses of Vista and Win 7.
